With the increasing demand for making electronic payments easier, the Reserve Bank today said it is willing to relax the norms only for 'card present' transactions where near-field communication (NFC) technology is used.
It said the ATM transactions where the card is not present will continue to require the additional factor of authentication, a PIN or one-time password.
"It has been decided to relax the extant instructions relating to the need for additional factor of authentication requirements for small value card present transactions only using contact-less card payments using NFC," it said in the draft circular late this evening.
The regulator has set a limit of Rs. 2,000 per transaction even for contact-less cards.
The RBI said it has arrived at this conclusion after examining the trade-off between security and convenience.
The two-factor authentication issue came to light after the RBI discovered that the US-based tax aggregator Uber was circumventing this norm. This led to the central bank last August asking the American company to comply with its norms by last October or else shut shop. Uber fell in line and complied with the norms.
At present, a customer has to key-in the personal identification number (PIN) for authenticating every transaction. If the draft circular gets implemented, customers using contactless cards will not have to key in the PIN for transaction up to Rs. 2,000.
The RBI has advised banks to explain to customers the NFC technology, its use, risks and also the maximum liability devolving on the customer, and also to put in place a robust mechanism to report of loss or stealing of cards.
At present, only ICICI Bank BSE -1.15 % has a contactless card offering, while industry sources say the largest lender SBI is also mulling to launch such a card.
It can be noted that the e-commerce firms have been pitching for doing away with the two-factor authentication for small value transactions, and some like Snapdeal had also requested for the cap to be set at Rs. 3,000.